From: Nikolay S. <nik...@re...> - 2008-12-04 02:22:32
Hello, Mark!

Nice to hear from you as well. I'm still busy fighting fires, and cannot read/write fb-devel too often.

I cannot take much credit for this security work. I only made initial top-level designs and reviewed the specs iteratively. The specs were written by Roman Simakov and his Murom team. The detailed specs sign-off was done by Russian database security engineers who do similar work for MySQL, Oracle and MS SQL. I believe they prefer not to have their names called in public too often. :-)

I almost never touched the implementation, so 90%+ of the credit should go to the Murom guys who have spent 10+ man-years on the thing by now.

Mark O'Donohue wrote:
> Now presumably you did intend for
> those red database changes to go into fb3, or were they scheduled for
> inclusion in fb2.5?

FB3 or whenever the stars align. Merge requires resources, and this is a problem.

> Btw, I am very interested in looking at what you have done for the
> enhanced client logon authentication.

You can get in touch with Roman, he has all the details.

> BTW, I can't seem to access http:://www.wincrypt.com it seems to not
> return anything,
> is that the best site for wincrypt?

You can read about it on MSDN, e.g. http://msdn.microsoft.com/en-us/library/aa388162(VS.85).aspx

We call it WinCrypt because the corresponding include header file is called "wincrypt.h". I think the official name now is Microsoft CryptoAPI, but I have also heard CAPI and other names for the same thing. Although it is designed for Windows, there are implementations for other platforms as well (the story is similar to ODBC).

Yes, OpenSSL use/support would be great, but we didn't work on that.

The plugins are almost a must, because real security guys use special hardware with a "Classified" API. Think about it - not only is the implementation secret, but the API and the guidelines for its use are also secret. For your engine to work with this HW you have to hire guys sitting at an undisclosed location, and let them write a crypto-plugin for your interface and distribute/support it. It is way easier and cheaper if there is no OpenSSL in the middle, and they write to a defined plug-in spec. Note that every line of code has to go through static and dynamic flow analysis, so adding big extra packages (like OpenSSL) into sensitive places costs money to certify, lots of money.

We may discuss more details privately with ICQ 114101470 or Skype nikolay.samofatov, if you want.

--
Nikolay Samofatov, MBA
Red Soft International
+1 416 710 6854